
JetBrains GitHub Plugin Vulnerability Affects IntelliJ IDEs

Latest Hacking News

JetBrains has alerted users to a critical vulnerability in its GitHub plugin for IntelliJ platforms that exposes GitHub tokens. Although JetBrains has released a patch for this issue in the latest IDE versions, it strongly advises users to exercise caution and ensure their software is promptly updated.

JetBrains Patched Critical GitHub Plugin Vulnerability Impacting IntelliJ IDEs

According to a recent post, JetBrains patched a critical security flaw in the GitHub plugin that left the IntelliJ IDEs vulnerable to exposing GitHub access tokens.

The JetBrains GitHub plugin for IntelliJ IDEs provides quick access to GitHub repositories from the IDE. While it offers users the convenience of GitHub account integration, the vulnerability posed a serious threat to IntelliJ IDE versions 2023.1 onwards that have the GitHub plugin enabled.

As explained, the vulnerability, CVE-2024-37051, would affect pull requests within the IDE, exposing the GitHub access tokens to third-party sites.

JetBrains patched the vulnerability following an external security report, deploying fixes with the following IntelliJ IDE versions.

  • Aqua: 2024.1.2
  • CLion: 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2
  • DataGrip: 2024.1.4
  • DataSpell: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2
  • GoLand: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • IntelliJ IDEA: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • MPS: 2023.2.1, 2023.3.1, 2024.1 EAP2
  • PhpStorm: 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • PyCharm: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2
  • Rider: 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3
  • RubyMine: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4
  • RustRover: 2024.1.1
  • WebStorm: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

Furthermore, the developers also patched the vulnerability with the latest GitHub plugin release, removing the older versions from the JetBrains Marketplace for users' safety.

JetBrains also collaborated with GitHub on mitigations. However, the mitigations affect the performance of the JetBrains GitHub plugin in older IDEs. Hence, users must ensure they're running the latest IDE versions to receive the patch.
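To audit a fleet against the fixed-version list above, the following added example (not JetBrains code) classifies an installed IDE by release line. It checks version numbers only, not whether the GitHub plugin is enabled; the status names, the `INVENTORY` sample and the handling of release lines missing from the list are assumptions made here.

```python
# Added example. Fixed builds are copied from the article's list;
# EAP builds are left out because they are not plain numeric versions.
FIXED = {
    "Aqua": ["2024.1.2"],
    "CLion": ["2023.1.7", "2023.2.4", "2023.3.5", "2024.1.3"],
    "DataGrip": ["2024.1.4"],
    "DataSpell": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.2"],
    "GoLand": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.3"],
    "IntelliJ IDEA": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "MPS": ["2023.2.1", "2023.3.1"],
    "PhpStorm": ["2023.1.6", "2023.2.6", "2023.3.7", "2024.1.3"],
    "PyCharm": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.3"],
    "Rider": ["2023.1.7", "2023.2.5", "2023.3.6", "2024.1.3"],
    "RubyMine": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "RustRover": ["2024.1.1"],
    "WebStorm": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.4"],
}
FIRST_AFFECTED = (2023, 1)  # the article says "2023.1 onwards"


def parse(version):
    """'2023.3.6' -> (2023, 3, 6); a missing patch number counts as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"expected YYYY.N or YYYY.N.P, got {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def check(product, version):
    """Classify one installed IDE against the fixed-build list."""
    if product not in FIXED:
        return "unknown-product"
    v = parse(version)
    if v[:2] < FIRST_AFFECTED:
        return "not-affected"
    fixed = {parse(f)[:2]: parse(f) for f in FIXED[product]}
    if v[:2] not in fixed:
        return "unlisted"  # no fixed build in the list for this release line
    return "patched" if v >= fixed[v[:2]] else "vulnerable"


# Constructed inventory, e.g. collected from developer workstations.
INVENTORY = [("PyCharm", "2023.3.5"), ("IntelliJ IDEA", "2024.1.3"),
             ("WebStorm", "2022.3.4"), ("DataGrip", "2023.3.4")]

if __name__ == "__main__":
    for product, version in INVENTORY:
        print(f"{product} {version}: {check(product, version)}")
```

An "unlisted" result means the list above names no fixed build for that release line, so the install should be moved to a listed version.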

JetBrains Also Recommends Revoking Tokens

While JetBrains urged deploying the patches, it also advised users actively using the GitHub pull request functionality in the IDE to revoke any GitHub tokens in use by the plugin. Although revoking tokens requires users to set up the plugin again, it is a precautionary recommendation to avoid potential abuse of the GitHub tokens to access GitHub accounts, which become vulnerable even with two-factor authentication enabled.


© 2024 cyberbeatnews.com – All Rights Reserved.